Re: Auth, Session Timeouts & Login

2008-12-11 Thread lazlo2019

Hi

Thanks for replying. I've got $this->Session->destroy(); in my logout
method which doesn't solve it. Redirecting to a non-auth page would be
inconvenient. Any other ideas?

Cheers

On Dec 10, 8:40 pm, thatsgreat2345 <[EMAIL PROTECTED]> wrote:
> On logout delete the session cookies, or redirect to a page without
> auth component on logout.
>
> On Dec 10, 9:51 am, lazlo2019 <[EMAIL PROTECTED]> wrote:
>
> > Hi
>
> > Here's the scenario. Set the timeout to a very low number (I'm using 1
> > for argument's sake) and security to high. Login as normal. Logout or
> > wait for the session to timeout and end up back at the login page. If
> > I then try to login within the timeout limit it'll be fine. If however
> > I try to login after the timeout period I'll get "not authorized to
> > view that location" error. This continues until you attempt to login
> > within the timeout period of a previous login attempt.
>
> > However, if I pass the timeout period BUT use FF Web Dev Toolbar or
> > whatever to delete the domain/session cookies, it lets me in.
>
> > I can see in Auth.php where the flow differs depending on pre or post
> > timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try
> > pre-timeout it's false, post-timeout it's true.
>
> > My timeout needs to be low and security high and I can just imagine
> > getting the call "why do I have to login twice?" once the site goes
> > live.
>
> > Replicated in RC2 and RC3.
>
> > Anyone got any ideas or able to replicate? Any ideas appreciated.
>
> > Thanks guys
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Auth, Session Timeouts & Login

2008-12-10 Thread thatsgreat2345

On logout delete the session cookies, or redirect to a page without
auth component on logout.

On Dec 10, 9:51 am, lazlo2019 <[EMAIL PROTECTED]> wrote:
> Hi
>
> Here's the scenario. Set the timeout to a very low number (I'm using 1
> for argument's sake) and security to high. Login as normal. Logout or
> wait for the session to timeout and end up back at the login page. If
> I then try to login within the timeout limit it'll be fine. If however
> I try to login after the timeout period I'll get "not authorized to
> view that location" error. This continues until you attempt to login
> within the timeout period of a previous login attempt.
>
> However, if I pass the timeout period BUT use FF Web Dev Toolbar or
> whatever to delete the domain/session cookies, it lets me in.
>
> I can see in Auth.php where the flow differs depending on pre or post
> timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try
> pre-timeout it's false, post-timeout it's true.
>
> My timeout needs to be low and security high and I can just imagine
> getting the call "why do I have to login twice?" once the site goes
> live.
>
> Replicated in RC2 and RC3.
>
> Anyone got any ideas or able to replicate? Any ideas appreciated.
>
> Thanks guys
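The suggestion in the reply above (delete the session cookie on logout), sketched as an added example that is not part of the original thread or of CakePHP's own code: a CakePHP 1.2-style `logout` action that destroys the server-side session and also expires the browser's session cookie with the same path and domain it was issued with. The `UsersController` name is an assumption, and the thread does not confirm that this resolves the behaviour reported.

```php
<?php
// Added illustration; UsersController is an assumed name for the app's
// controller that handles login/logout.
class UsersController extends AppController {
    var $components = array('Auth', 'Session');

    function logout() {
        // Capture the cookie name and attributes before tearing the session
        // down, so the expiry header matches the cookie the browser holds.
        $name   = session_name();
        $params = session_get_cookie_params();

        // Clear the Auth component's stored user and get the logout redirect URL.
        $redirect = $this->Auth->logout();

        // Drop the server-side session data.
        $this->Session->destroy();

        // Expire the session cookie explicitly. A cookie is only replaced when
        // name, path and domain match, so reuse the original attributes.
        setcookie(
            $name,
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );

        $this->redirect($redirect);
    }
}
```

After logging out, the browser's cookie list for the domain should no longer show the session cookie, which is the state the original poster reached manually with the Web Developer toolbar.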



Auth, Session Timeouts & Login

2008-12-10 Thread lazlo2019

Hi

Here's the scenario. Set the timeout to a very low number (I'm using 1
for argument's sake) and security to high. Login as normal. Logout or
wait for the session to timeout and end up back at the login page. If
I then try to login within the timeout limit it'll be fine. If however
I try to login after the timeout period I'll get "not authorized to
view that location" error. This continues until you attempt to login
within the timeout period of a previous login attempt.

However, if I pass the timeout period BUT use FF Web Dev Toolbar or
whatever to delete the domain/session cookies, it lets me in.

I can see in Auth.php where the flow differs depending on pre or post
timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try
pre-timeout it's false, post-timeout it's true.

My timeout needs to be low and security high and I can just imagine
getting the call "why do I have to login twice?" once the site goes
live.

Replicated in RC2 and RC3.

Anyone got any ideas or able to replicate? Any ideas appreciated.

Thanks guys
